Slashdot Mirror


Apple Was Notified About Major FaceTime Eavesdropping Bug Over a Week Ago (macrumors.com)

An anonymous reader writes: Twitter user MGT7500 tagged the official Apple Support account in a January 20 tweet claiming that her 14-year-old son discovered a "major security flaw" that allowed him to "listen in to your iPhone/iPad without your approval." The user also tagged Tim Cook on the issue in a follow-up tweet on January 21.

Once the bug started making headlines on Monday, the Twitter user then shared additional tweets claiming that they had also emailed Apple's product security team over a week ago. A screenshot of the email was shared, and it appears the team did respond, but what they said is not visible in the screenshot. [...] All in all, there is evidence that Apple Support was tagged about an eavesdropping bug eight days before it made headlines, and if the rest of the tweets are truthful, the company was also alerted about the bug via several other avenues.
The original story has been updated to include another example of a user -- John Meyer -- who has shared a video about the FaceTime bug that he says was recorded and sent to Apple on January 23.

54 comments

  1. eMail response by Anonymous Coward · · Score: 1

    Take a pick:

    1) No
    2) your security is important to us, here is a link to our FAQ
    3) You're wrong, Apple does not have bugs.

    1. Re: eMail response by Anonymous Coward · · Score: 0

      You are holding it wrong, or maybe this is a courageous move by Apple to remove the legacy answer call button

    2. Re:eMail response by Aighearach · · Score: 1

      My experience, regardless of company, is all three of those at the same time, but using confused wording.

    3. Re:eMail response by Anonymous Coward · · Score: 0

      Thank you for using Apple. If you are having trouble with a product, click here. If you wish to buy more products, click here. If you want to add cloud dependency for any local feature or service, click here.

      This is a generated email, do not reply. To unsubscribe or manage your email subscriptions, click here.

    4. Re:eMail response by zifn4b · · Score: 1

      Studies show obfuscation of the truth is good for company reputations

      --
      We'll make great pets
  2. It's a feature by Anonymous Coward · · Score: 0

    I thought users wanted group facetime?

  3. Tagging? lol by Spy+Handler · · Score: 2, Insightful

    Does Tim Cook actually monitor Twitter and look for posts with a #TIMCOOK tag and then read them?

    Since anyone with an ounce of brain will realize the answer is a big fat NO, shouldn't it also be obvious that tagging a Twitter post with someone's name is completely worthless, and that if you wanna report a fucking bug, you should go to that company's bug reporting website and do it there? Apple has one, it took me all of 2 seconds to Google for it: https://bugreport.apple.com/

    Actually it should be obvious to people by now that Twitter itself is completely worthless. Just let it die, please?

    1. Re:Tagging? lol by darkain · · Score: 3, Informative

      At least RTFS....

      "they had also emailed Apple's product security team over a week ago."

    2. Re: Tagging? lol by Anonymous Coward · · Score: 2, Funny

      They tagged the cook account, the support twitter and emailed the security team.

      What more did you expect them to do? Provide blow jobs?

    3. Re:Tagging? lol by Anonymous Coward · · Score: 0

      I use an iPhone and don't agree with many of Apple's design decisions but this is not in Cook's lane. One week in time to analyze the issue and decide a course of action. Might be to deny it, but engineers are driving that. Apple sucks in many ways, this is not one of them.

    4. Re:Tagging? lol by bobbied · · Score: 1

      Wouldn't that be @timcook?

      I'd be willing to bet that Apple monitors a number of hash tags related to its business on Twitter. So you may not get Tim Cook's direct attention, but somebody at Apple is likely scanning for such tags, even if it's just Siri's mainframe based cousin who pays any attention.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    5. Re:Tagging? lol by Anonymous Coward · · Score: 0

      You might want to rethink all of the assumptions you're making.

    6. Re:Tagging? lol by Anonymous Coward · · Score: 0

      One week to analyze an easily reproducible bug for a multibillion dollar company that requires 0 additional knowledge, skill, and software to duplicate? That's extremely sad. At least most other bugs are those that a malicious person has to explicitly craft. This is a bug anyone can stumble in on.

    7. Re:Tagging? lol by cyn1c77 · · Score: 1

      Does Tim Cook actually monitor Twitter and look for posts with a #TIMCOOK tag and then read them?

      Since anyone with an ounce of brain will realize the answer is a big fat NO, shouldn't it also be obvious that tagging a Twitter post with someone's name is completely worthless, and that if you wanna report a fucking bug, you should go to that company's bug reporting website and do it there? Apple has one, it took me all of 2 seconds to Google for it: https://bugreport.apple.com/

      Actually it should be obvious to people by now that Twitter itself is completely worthless. Just let it die, please?

      Well, maybe he should. It might be good for him to get his head out of his ass, I mean reality distortion field, and see what is actually going on with his products.

      Especially since both the official Apple Support account and product security teams take longer than a week to respond... which basically is non-responsive on a bug of this magnitude.

    8. Re: Tagging? lol by Highdude702 · · Score: 2

      Would probably accelerate the process a bit. Or some process at least.

    9. Re:Tagging? lol by drinkypoo · · Score: 1

      Does Tim Cook actually monitor Twitter and look for posts with a #TIMCOOK tag and then read them?

      No, but if his staff doesn't, Apple is failing at social media. What year is it?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    10. Re: Tagging? lol by Anonymous Coward · · Score: 0

      Never talk about Apple and Jobs. Especially, no blowing at the same time. Very distasteful to the turtleneck crowd.

    11. Re:Tagging? lol by Anonymous Coward · · Score: 0

      I imagine more like one week to get through all the dross that knuckledraggers flood them with

    12. Re:Tagging? lol by Anonymous Coward · · Score: 0

      Because #courage.

      And also you are reporting the bug wrong.

  4. you are holding it wrong! by kiviQr · · Score: 4, Funny

    ...you need to cover mic and camera with thumb and index finger!

  5. Re:Bug or Feature by bobbied · · Score: 1, Insightful

    Bug or feature for law enforcement etc.?

    This is Apple. Remember their refusal to help unlock the phone of the guy who shot up the staff Christmas party in California a while back? Yeah, they don't seem to be the type to do whatever law enforcement asks.

    Therefore, I'm guessing this is a "bug" and not a planned feature. But, it's just a guess.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  6. Radio silence by mrobinso · · Score: 1

    It's obvious that radio silence is the sole MO for large corporate entities, especially the popular / well-known ones. Saying nothing is not the same as denying, and won't be until government bodies start prosecuting it that way.

    And sure, Twitter is mostly worthless, but at least they don't make a living and pay high dividends to the 1%'ers by selling way over-priced offshore-made proprietary whatchamacallits.

    --
    -- Karma whore? You betcha. --
  7. AAPL EARNINGS TANK! by Anonymous Coward · · Score: 0

    Down 28%. My GOD! We're doomed! Thanks, Trump!

  8. Do you want it fixed right or not? by SuperKendall · · Score: 1

    Even reporting to the security team as it was, would probably take a day or so to verify, and then someone can be assigned to fix...

    But let's be realistic, a fix for this is not something that would just take overnight - or not something you would want them to rush. I mean, do you want it fixed right or do you want some new bug introduced?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Do you want it fixed right or not? by Anonymous Coward · · Score: 0

      Depending on the software architecture it may be trivial to enable or disable features, without inside information we don't know if they need to "rush" anything or not.

    2. Re: Do you want it fixed right or not? by Anonymous Coward · · Score: 0

      Fix seems simple, stop user from adding themselves to the chat

  9. Clearly... by Vegan+Cyclist · · Score: 1

    ...Apple was holding their phone wrong when the email came in.

  10. Re:Bug or Feature by ZenShadow · · Score: 1

    That's just what they want you to think...

    --
    -- sigs cause cancer.
  11. Nothing new here by Anonymous Coward · · Score: 0

    Apple won't recognise `bugs' in its perfect OS unless they go viral.

  12. Already patched (just spoke to Apple's people) by Anonymous Coward · · Score: 1

    Already patched (just spoke to Apple's people - DIRECTLY - & the ones doing the patchwork whom I know (my nephew practically "runs the show" in that very dept. for them for 6++ yrs. now so I get a 'direct line'...)).

    Currently - He's on their "tiger teams" now though but is aware it is patched (not many of you will KNOW what a 'tiger team' is but you have to be REALLY GOOD to be on one). I'm proud of his achievements in fact, especially THAT one.

    * Soooo, "Move along folks - nothing to see here" & I noted this here already https://apple.slashdot.org/com...

    APK

    P.S.=> They're pretty QUICK on the mark on this note in patches - NOW, it's just waiting on "Q/A" personnel stamp of approval turn-around time... apk

    1. Re:Already patched (just spoke to Apple's people) by Anonymous Coward · · Score: 0

      In traditional apple style this patch will introduce several new bugs.

    2. Re:Already patched (just spoke to Apple's people) by Anonymous Coward · · Score: 0

      This reads like it was written by someone on Apple's marketing team.

      I seriously doubt Apple developers can talk about what they are working on considering I wasn't even allowed to visit Apple HQ in Australia without signing an NDA, or join development events without signing an NDA.

      So at the very least, it sounds like he's acting like he's running the show I'm guessing.

    3. Re:Already patched (just spoke to Apple's people) by Anonymous Coward · · Score: 0

      Can you ask them to bring back the quality? It seems to have gone with their older programmers who mostly retired or were forced out over the last 10 years.

  13. Why "bug" instead of "security flaw" by Anonymous Coward · · Score: 0

    Anyone know why the press narrative shifted to describe this security flaw/issue as a "bug"?

    Isn't this "bug" the very type that also qualifies as a security flaw? (all security flaws qualify as bugs, but not all bugs are special enough to qualify as a security flaw)

  14. Apple support wanted to spy on mom for a week by Anonymous Coward · · Score: 0

    But Mom was too clever for them and they had to give up.

  15. Well, let's hope not... apk by Anonymous Coward · · Score: 0

    Well, let's hope not for Apple's users @ least - bugs, suck! Me? I don't write "bugs" (e.g. none found in my hosts engine to date w/ 100k++ users worldwide).

    APK

    P.S.=> I think a BIG part of why is that, when possible, I don't tend to depend on others' libs etc. (what you can't control, a BIG one that) - just my own code & that of the compiler + OS API's I use (helps stall the possibility of 'bugs' that way & so far for me, since 1982 coding here? It's done well)... apk

    1. Re:Well, let's hope not... apk by Anonymous Coward · · Score: 0

      Does your source code look anything like your English messages?
      Because your messages look like multilevel marketing scam clickbait, with nested double parentheses.

        “I earn OVER $5000 per DAY (not week) and I get to do it in my OWN LOUNGE. (PS=> this is NOT a scam!!!)”

      etc

  16. Re:Bug or Feature by drinkypoo · · Score: 1

    This is Apple. Remember their refusal to help unlock the phone of the guy who shot up the staff Christmas party in California a while back? Yeah, they don't seem to be the type to do whatever law enforcement asks.

    That's what the press releases say, so it must be true!

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  17. Black gaffers tape. by Anonymous Coward · · Score: 0

    Getting the residue back off is a pain, but the shit sticks well for a few weeks before needing replacement.

    If you don't care about color, all kinds of masking tape work, including the low residue varieties, but they are usually in bright contrasting color which will get you labelled one of those 'privacy kooks'.

  18. So pretty much what the spooks can do with Android by Anonymous Coward · · Score: 0

    Remote activation of mic and cam? Pft. Old news. Five eyes been able to do this for about a decade now.

  19. "What happens on your iPhone stays on your iPhone" by tttonyyy · · Score: 1

    No tech company can truly know, for sure, that their product is secure. Shouting this from the rooftops (in this case, pretty much literally) was only ever going to end one way.

    https://www.independent.co.uk/...

    Pride comes before a fall and all that!

    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  20. Re:Bug or Feature by bobbied · · Score: 1

    So, if the press coverage all disagrees with your version of events, Just ignore it and go with your version? Even when there are legal rulings and transcripts that support the news reporting?

    Why bother complaining about Fake News when we have stuff like this..

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  21. Re:Bug or Feature by drinkypoo · · Score: 1

    "Even when there are legal rulings and transcripts that support the news reporting?"

    A transcript can contain lies, that's literally what corporate lawyers and PR flacks are for. A court can be misled. Until the OS is OSS, you can't even begin to trust it. And all the important bits are closed. You can trust on faith if you want to, but I expect verification. That's why I'm not religious about god OR security.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  22. TOO TIM COOK TO FAIL by Anonymous Coward · · Score: 0

    THE FATAL FLAW
    Apple Knew of FaceTime Issue Jan. 19; a 14-year-old in Arizona discovered the glitch that exposed millions of iPhone users to eavesdropping. His mother, a lawyer, exhausted every avenue she could to alert Apple. Told to become a developer to report bugs, it wasn’t until Monday that the company raced to disable Group FaceTime when a developer notified Apple.

    It's time... AAPL has lost sight of its primary raison d'être, principal customer and existential key to success. Tim Cook's first action when taking the reins over at Apple was to File13 all of Steve Jobs' direct contacts with influencers. That single action spoke volumes. Now here its final edict surfaces.

    Dump AAPL until new leadership arrives with the commitment, vision and ability to lead from the front.

    1. Re:TOO TIM COOK TO FAIL by ElitistWhiner · · Score: 1

      Two days later...

      iCloud bug ‘let ANYONE read your private iPhone notes’ – and was ‘kept a secret’, security expert claims.

      THIS is not validated nor verified yet, but if not FAKE news - TIM COOK's name is all over it.

  23. but Apple fans will find an excuse to believe in by Anonymous Coward · · Score: 0

    This sort of thing cracks me up when juxtaposed with the unshakable belief in Apple "security" held by many Apple users.

    Look at the stuff Jeff Atwood frequently gushes about the iPhone's "world class mobile hardware security"... hilarious!

    I have noticed that the real hardcore security guys fall into one of three camps: they either don't put anything personal or meaningful on their phones, or they use burners all the time, or they run android phones with custom-compiled kernels. Only the first group uses Apple products.

    If the FBI is not completely incompetent, they will always tell people they can't hack the phones they can hack, and vice versa. Obviously.

  24. Re:Bug or Feature by bobbied · · Score: 1

    So, you believe the moon landings were a hoax and Elvis is still alive, living as a dishwasher at Mel's diner in Backwater Mississippi... Let me guess, you know where Jimmy Hoffa is too. OK.. I get it. Facts don't matter all that much to you.. (sarc off)

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  25. Re: Bug or Feature by dougdonovan · · Score: 1

    Apple should hire the 14-year-old under the table then he could retire by the time he is 40ish.

  26. Re:Bug or Feature by Anonymous Coward · · Score: 0

    Look, Buddy, I'm going to believe whatever I want to believe, so don't go throwing around your pesky facts n' stuff. I already *know* I'm right.

  27. I noted THIS ve problem to him... apk by Anonymous Coward · · Score: 0

    I noted THIS very problem to him & he replied "it's already patched don't worry, Q/A timelag" - I'm not bs'ing @ all when I say what I do.

    * I doubt he'd lie to me (he's family & we tend to be pretty straight-up w/ one another, always have).

    APK

    P.S.=> Find out what an Apple "Tiger Team" is, & then get back to me (you'll 'change your tune')... apk

  28. IF you're smart? apk by Anonymous Coward · · Score: 0

    IF you're smart? You STOP working FOR OTHERS & go into business for YOURSELF (I was a dev 1994-2008 & I did it - it's BETTER (way better & you really only answer to YOURSELF & bills)).

    * He tells me there's guys that have been @ Apple for 10++ yrs. quite a lot (says they're "smart" & I tell him "Sure, seems that way NOW for YOU, but wait until YOU'VE been there 10++ yrs. - they'll just seem like guys that've been there a LONG TIME & have great specific domain (or non-specific & WIDE) know-how & SO WILL YOU by then").

    APK

    P.S.=> I have noted to him that when you "keep adding NEW 'features'" you also introduce room for error but that IS how the game is - to keep ahead of competition, you have to 'add' (personally, I'd take time to COMPLETELY shore-up & SECURE my OS, 1st - but that's me)... apk

  29. My code's in English so yes, lol... apk by Anonymous Coward · · Score: 0

    See subject & your "scribblings/droolings" look like "trollspeek", hahahaha!

    APK

    P.S.=> You PUNY worthless TROLL... apk

  30. Here's proof (days after I knew)... apk by Anonymous Coward · · Score: 0

    "fix that will be released in a software update later this week," an Apple spokesperson told Threatpost https://threatpost.com/apple-d...

    * EAT YOUR WORDS!

    APK

    P.S.=> You TROLL CHUMP... apk